?
Solved

Postfix & PGP

Posted on 2006-07-11
5
Medium Priority
?
1,588 Views
Last Modified: 2008-03-10
I'm looking to harden my email server and one of the things I want to do is store inbound email on the server in PGP encrypted form.  Email arrives via SMTP unencrypted and I want to have it encrypted before it is stored in the Mailbox.  The point is to safeguard against email being picked up in the event that someone should breech the security of the server and gain access to files and or gain access to pop3 or imap.  The pgp encrypted email would be downloaded by the client and unencrypted by software on the client.  Can anyone point me in the right direction for finding such a filter for Postfix?

Thanks!
0
Comment
Question by:phasevar
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 40

Expert Comment

by:noci
ID: 17088543
If your server is breached you're toast anyway, the intruder will be able find your pgp script and known some keys/passwords etc.

If you need POP et al. At least use RPOP version of the protocol, or use SSL based versions of POP and IMAP.
this to prevent snooping and eavesdropping.

I have no knowledge of any imap/pop-servers that support your original request.  It also won't help the performance
of your mail solution. As POP & IMAP need access to the mail to make an index. ==> have to decrypt all
before supplying an answer to the first question from any client, "can I have all headers please":


0
 
LVL 40

Expert Comment

by:noci
ID: 17088553
BTW,

cyrus-imap server might be the way to go, it uses a database to store stuff..., at least raises the bar a little.
and it's a quite fast server.
0
 

Author Comment

by:phasevar
ID: 17091785
noci, PGP is public-key cryptography.  The server should only have a public key for each mailbox and the private keys needed to decrypt the messages are stored on each client.  So in event of a server breach, encrypted mail should not be able to be read without the private key.

As for indexing, I don't think pgp encrypts the headers.  PGP is used in mail already, but usually it's encrypted by the sender, not the receiving mail server.  If it travels through the mail system now, it has to have plaintext headers.

It's not the imap/pop server that would need pgp support.  It would be a filter in the Postfix incoming SMTP stage during mail queue delivery to local addresses.

Thanks for the tip on cyrus.  I've wondered about database storage for mailboxes.
0
 
LVL 40

Accepted Solution

by:
noci earned 2000 total points
ID: 17093591
I assumed you wanted to encrypt the message as a whole (including the headers).
As far as mail is concerned SMTP wise there are two things...
= The Envelope (containing Sender & Receipent(s)) that only lives when a message travels from MTA => MTA and the enveloppe
    is lost on delivery at a MUA  (MTA= Mail Transfer Agent, aka postman; MUA = Useragent aka Mail Store/Mailbox + retrieval tools).
= The Content (Whole message Headers + content as one blob) The separation between header and message is on the first empty line.

Your option needs a special kind of MUA I haven't yet seen. You'll need a tool that first splits the message into its parts and the assembles
all the parts again with encryption. It can be done, but what's the point...,

The message travels across other mta's where it's not protected (you can find out how many by reading the "Received lines" in the header).
During transmission over cables it is sent in clear text, anybody with access to the right part of the cable can tap into it.
In Europe your message will end up in at least one government database as part of "Anti-Terrorist" legislation. All ISP's have to comply Jan 1st, 2007
at the latest.

Therefore if you want to  prevent access everybody needs  to encrypt their message at the source... The sender.
0
 

Author Comment

by:phasevar
ID: 17101882
Ideally all senders would encrypt their messages but that's just wishful thinking.  For instance, I don't see Amazon.com sending out receipts in pgp anytime soon.

I know the whole chain isn't secure and that email passes through many points before it reaches my server but I was just hoping to add that little bit of extra security in the event that someone were to breach the server security and gain access to the mail files.  Obviously that would do nothing to circumvent the man-in-the-middle who is actively watching for the mail.

Thanks for your help.
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Ready to improve network connectivity? Watch this webinar to learn how SD-WANs and a one-click instant connect tool can boost provisions, deployment, and management of your cloud connection.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Fine Tune your automatic Updates for Ubuntu / Debian
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Solution Engineer Rick Golba discuss how (and why) you implement high availability in a database environment. To discuss how Percona Consulting can help with your design and architecture needs for your database and infrastr…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question